Encrypt login ID, password stored in cookie in Java and Decrypt the information in C#


I am working on a custom single sign-on project. The main web site runs on BEA WebLogic. When a user logs into the site, the site is supposed to store the login ID and password in a cookie. When the same user connects to another secure sub-site based on ASP.NET, the sub-site will do an automatic login for the user based on the stored cookie information. To increase security, I would like to encrypt the stored ID and password.

Can you recommend a good encryption/decryption routine that works across the two different platforms? I understand storing the ID and password in a cookie is not really a secure solution, but I am trying to make the login process as fast as I can.

lalala66 (Author) commented:
Normally, this would be the ideal design. Unfortunately, the sub-site is based on a CRM application that I have no control over. My code needs to log into the system on behalf of the user.
I don't think you want an encrypt/decrypt type thing. It might be better to encrypt both together with the md5() function and store the resulting hash in the cookie and database. MD5() takes some input, then encrypts it into a 32-char-long hex number.
When the user goes to the other site, the site pulls the cookie and checks if the hash exists; if it does, it logs in automatically.
Ideally, you don't ever want to decrypt a password (or have passwords stored in a decryptable format). You encrypt a password provided and just compare hashes. If match - login successful.
MD5 doesn't produce dupes - so you always get back a unique hash for unique entries.
The MD5 algorithm is available in PHP and ASP - so I think it might work out fine.
Question has a verified solution.
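
The cookie-plus-database lookup described in the answer above, as an added example that is not code from the thread or from either site. It assumes Java 17+, uses a random token with SHA-256 in place of an MD5 of the ID and password (so the cookie value is not derived from the credentials), adds an expiry, and uses hypothetical names throughout; the in-memory map stands in for a table both sites can read.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: SsoTokenStore and its methods are hypothetical names.
public class SsoTokenStore {
    private record Entry(String loginId, long expiresAtMillis) {}
    private final Map<String, Entry> byTokenHash = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Main site, after a successful login: returns the value to place in the cookie.
    public String issue(String loginId, long ttlMillis, long nowMillis) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(sha256Hex(token), new Entry(loginId, nowMillis + ttlMillis));
        return token;
    }

    // Sub-site: returns the login ID for a cookie value, or null if unknown or expired.
    public String redeem(String cookieValue, long nowMillis) {
        if (cookieValue == null) return null;
        String key = sha256Hex(cookieValue);
        Entry e = byTokenHash.get(key);
        if (e != null && nowMillis < e.expiresAtMillis()) return e.loginId();
        byTokenHash.remove(key); // drop an expired entry; no-op for an unknown token
        return null;
    }

    // Only the digest is stored, so reading the table does not yield a usable cookie.
    static String sha256Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {
        SsoTokenStore store = new SsoTokenStore();
        String cookie = store.issue("alice", 60_000, 0);      // constructed sample user
        System.out.println(store.redeem(cookie, 30_000));     // inside the token lifetime
        System.out.println(store.redeem(cookie, 90_000));     // after expiry
        System.out.println(store.redeem("forged", 30_000));   // value that was never issued
    }
}
```

The ASP.NET side would compute the same lowercase SHA-256 hex digest of the cookie value and look it up in the shared table; the cookie itself should be sent with the Secure and HttpOnly attributes.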
